Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Radius Authentication - Remote LAN

Hi all.

I am attempting to configure Radius authentication accross a site-to-site VPN for my ASA 5510-01 for remote access.

ASA5510-1 currently has a live site to site to ASA5510-2.

ASA 5510-1 -

ASA 5510-2 -

DC -

ASA5510-01 can ping the DC and vica versa but is unable to authticate when i perform a test. ASA5510-01 can authenticate to a DC on it;s own LAN but not on the remote LAN that DC sits on.

I have double checked the 'Server Secret Key' and ports as well as various users which all work locallly. ASA5510-02 authenticates to DC with no problems.


Radius Authentication - Remote LAN


When authenticating via radius you need to point the ASA to a radius server. Are the DCs running microsoft IAS? If so, can you post the contents of your radius server configuration and also are you using the proper interfaces for these radius servers?

You can also setup a capture on the ASA for port 1645, 1646 along with 1812 and 1813 (depending how you configured your radius servers and see if the response is leaving on the right interface.

Also what command are you using when you attempt the test?


Tarik Admani

Tarik Admani *Please rate helpful posts*
New Member

Radius Authentication - Remote LAN

The DC's are running Microsoft IAS.

ASA5510-02 which is on the same network / subnet as the DC can authenticate against it.

ASA5510-01 which is on a remote LAN over the VPN is unable to authenticate to it. I have replicated the AAA config's.

New Member

Re: Radius Authentication - Remote LAN

Hi Jamie,

Can you post your radius server configuration from your ASA.

Sent from Cisco Technical Support iPad App